PT-2022-22854 · Otfcc +1 · Otfcc +1
Name of the Vulnerable Software and Affected Versions: OTFCC version 0.10.4 Description: A segmentation violation was discovered in OTFCC via the /release-x64/otfccdump+0x6babea endpoint. Recommendations: For OTFCC version 0.10.4, consider restricting access to the /release-x64/otfccdump+0x6babea...
PT-2022-19030 · Motopress · Motopress Timetable/Event Schedule
Name of the Vulnerable Software and Affected Versions: MotoPress Timetable and Event Schedule versions up to 1.4.06 Description: A vulnerability has been found in the Calendar Handler component of MotoPress Timetable and Event Schedule. The issue affects an unknown part of the file "/wp/?cpmvc...
PT-2022-14475 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure in PackageManager, allowing an attacker to determine whether an app is installed without requiring query permissions. This could lead to local...
PT-2022-4530 · D Link · D-Link Dir-818Lw
Name of the Vulnerable Software and Affected Versions: D-LINK DIR-818LW version DIR818L FW105b01 Description: The issue is related to a remote code execution vulnerability via the ssdpcgi main function. This vulnerability is associated with coding errors in the firmware of D-LINK DIR-818LW router...
PT-2022-3296 · Trueconf · Trueconf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 4.3.7 Description: A problematic vulnerability has been found in TrueConf Server, affecting an unknown part of the file /admin/general/change-lang. The manipulation of the redirect url argument leads to an open redirec...
CVE-2014-125005 FFmpeg mpeg4videodec.c decode_vol_header memory corruption
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix...
GHSA-9F3P-WVJ7-Q82X Cargo prior to Rust 1.26.0 may download the wrong dependency
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...
PT-2022-7480 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc4-next-20220217+ Description: The issue is related to a use-after-free vulnerability in the blktrace component of the Linux kernel. This vulnerability can be triggered when tracing the whole disk, and...
CVE-2022-21707 Incorrect Authorization in wasmCloud
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...
PT-2021-10121 · Craigms · Craigms
Name of the Vulnerable Software and Affected Versions: CraigMS version 1.0 Description: An issue in craigms/main.php allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. Recommendations: For CraigMS version 1.0, consider restricting access to the...
PT-2021-10562 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2 Description: A remote command execution issue exists in the admin background when uploading files. Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider restricting file uploads in the...
CVE-2020-29443
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...
PT-2020-16904 · NetGear · Netgear Nighthawk R7000
Name of the Vulnerable Software and Affected Versions: NETGEAR Nighthawk R7000 version 1.0.9.64 10.2.64 Description: The issue allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a...
WakaTime: Bypassing Access control, changing owner's name in a private leaderboard
Hello, I would like to mention a bug here that is regarding changing the name of the owner of a leaderboard by a member that is first shown forbidden but when you again try to change owner's name you can see the changes to name made in the pop up that appears. Basically when I created a private...
bsselektronika.hu XSS vulnerability
Vulnerable URL: http://www.bsselektronika.hu/index.php?w="';--

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 678697
VIP website status: | No

Check bsselektronika.hu SSL connection:...
jet.com.br XSS vulnerability
Vulnerable URL: http://www.jet.com.br/pagamento/bradesco/falha.asp?ErrorDesc=" xany

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 112307
VIP website status: | No

Check jet.com.br S...
goldseek.com Open Redirect vulnerability
Vulnerable URL: http://www.goldseek.com/cgi-bin/formail/FormMail.pl?recipient=contact%40GoldSeek.com=======https://www.openbugbounty.org

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclose...
smb.e-mordovia.ru XSS vulnerability
Vulnerable URL:...
jotzo.com XSS vulnerability
Vulnerable URL: http://www.jotzo.com/flashdetection.swf?flashContentURL=javascript:alert/XSSPOSED/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated

Google...
ColdUserGroup 1.6 Bypass / Cross Site Scripting
Exploit Title: ColdUserGroup - Version 1.6 bypass/XSS Vulnerabilities
Date: 09/09/2010
Author: Sangteamtham
Software Link: http://www.coldgen.com/index.cfm?ColdGen=ProductDetails&ProductID=8
Version: 1.22
Tested on: Windows 7

1. Description: Built using Fusebox and adhering to CSS/XHTML standards...